Previously, if a load balancer or proxy was configured in front of the
Microsoft IIS 6.0 agent and a user attempted to access a protected resource
from a machine whose IP was in the not-enforced client IP list, the user would
be redirected to the Access Manager or OpenSSO server, since the agent used
the IP of the proxy instead of the client machine.

The Policy Agent Update 2.2-04 release includes the following new properties
in AMAgent.properties that you can set if a load balancer
is deployed in front of the IIS 6.0 agent and you want the agent to evaluate
the request against the not-enforced client IP list:

com.sun.agents.load_balancer.enable enables
(true) or disables (false) the option
to evaluate the request against the not-enforced client IP list, if a load
balancer is deployed in front of the IIS 6.0 agent. The default is false. The following two properties are not used unless this property
has a value of true.

com.sun.am.policy.agents.config.client.ip.header is
the name of the HTTP header that contains client IP, which depends on the
type of load balancer you are using. If not used, leave this property blank.

com.sun.am.policy.agents.config.client.hostname.header is
the name of the HTTP header that contains the hostname of the client. If not
used, leave this property blank.

After you set these properties, restart the IIS 6.0 instance.

Note. These new properties apply
only to the IIS 6.0 agent. CR 6894700 fixes the 32-bit IIS 6.0 agent, and
CR 6864977 fixes the 64-bit IIS 6.0 agent and OWA.